# Portal Users

Administrators are granted permissions to perform advanced actions to manage the broader WorkSpaces estate. In WorkSpaces Manager, these permissions can be granularly assigned to Portal Administrators for specific tasks.

<figure><img src="https://2854239078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxEJOGCAr5O8d9q95spJy%2Fuploads%2Fbz0ogyur0JOFoNoPnWEV%2FScreenshot%202025-02-13%20161607%20(1).png?alt=media&#x26;token=119845b8-2a82-44d9-98f3-831fec442156" alt=""><figcaption></figcaption></figure>

This section allows the delegation of support roles, enabling different users to access the WorkSpaces Manager console with specific administrative rights. For example, you may assign two staff members to manage users with critical roles, where policy dictates that only they are authorized to change the reboot times for those users' WorkSpaces.

{% hint style="warning" %}
Before proceeding, ensure that the [Roles](https://admin.nuvens.cloud/security-section/roles) section includes an Administrator role with full permissions set up.
{% endhint %}

**Adding a new Administrator**

To add a new Portal administrator, click the icon on the right and select **Invite User**.

<figure><img src="https://2854239078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxEJOGCAr5O8d9q95spJy%2Fuploads%2FYSTWQYEtsW1QPRA3xyRx%2FScreenshot%202025-02-13%20161607.png?alt=media&#x26;token=5580f5fa-006f-4f65-b701-0cfe3236f001" alt=""><figcaption></figcaption></figure>

Enter the user's email address. An invitation email with a registration link will be sent.

<figure><img src="https://2854239078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxEJOGCAr5O8d9q95spJy%2Fuploads%2FhlbQVZgYPNblyRQ8ufkg%2FScreenshot%202025-02-12%20151459.png?alt=media&#x26;token=67c10b37-cfd7-40e5-b361-d59e481b54d7" alt=""><figcaption></figcaption></figure>

The user must complete the registration process and confirm their email.

<figure><img src="https://2854239078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxEJOGCAr5O8d9q95spJy%2Fuploads%2FhNEPM6wLh6yF5o6wKx6Z%2FScreenshot%202025-02-12%20151548.png?alt=media&#x26;token=4684bf3f-312b-4c8b-ab37-5b51acc8e78f" alt=""><figcaption></figcaption></figure>

Once the registration is confirmed, go to the **Portal Users** page. Click on the new user and assign a role either the SuperAdmin role or a custom Admin role you’ve created.

<figure><img src="https://2854239078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxEJOGCAr5O8d9q95spJy%2Fuploads%2FwUelyRgGqjZLQigKmn5s%2Fadrole%20(1).png?alt=media&#x26;token=e3a7a74f-5901-4aaa-ab83-ccefca08b90c" alt=""><figcaption></figcaption></figure>

**Restricting users to Accounts, Regions or Directories**

For support role delegation, you may want to restrict Portal Administrators to managing WorkSpaces in specific AWS Regions (e.g., a Support team in APAC), specific WorkSpace Directories (e.g., directories containing only Finance and Marketing users), or based on WorkSpace Tags (e.g., where the Department is 'R\&D').

![](https://2854239078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxEJOGCAr5O8d9q95spJy%2Fuploads%2FjVhGL4rjmIhsyUNH1Kbg%2Frolerestrict2%20%20\(1\).png?alt=media\&token=b2e9edc3-2ce2-415b-950d-ab6b8c793f60)

With this Admin Role, we've restricted the assigned users to managing WorkSpaces in the **eu-west-1**, **eu-west-2**, and **eu-central-1** regions, within a specific WorkSpace Directory, and any WorkSpaces in the assigned AWS Account (with multiple options if Multi-AWS accounts are set up). They cannot manage WorkSpaces outside of these parameters (e.g., they cannot terminate or reboot a WorkSpace in **us-east-1**). You can add or remove Accounts, Regions, and Directories by clicking the bin icon next to them.

{% hint style="danger" %}
It’s important to note that Directories take precedence over Regions, and Accounts override both Directories and Regions.
{% endhint %}